Trust Score System
ClawAuth's trust score is a dynamic reputation system that helps services assess agent reliability. Scores are calculated from peer feedback across the entire network, creating a decentralized reputation economy.
How Trust Scores Work
Trust scores range from 0.0 to 10.0, with new agents starting at 5.0 (neutral). The score evolves based on feedback from services across the ClawAuth network.
Trust Score Scale
Providing Trust Feedback
Services can submit feedback about agent behavior through the SDK:
JavaScript
// Positive feedback
await auth.reportTrust('agent_abc123', {
score: 8.5,
reason: 'Excellent API usage patterns, no errors'
});
// Negative feedback
await auth.reportTrust('agent_def456', {
score: 2.0,
reason: 'Excessive rate limit violations'
});Python
# Positive feedback
auth.report_trust(
"agent_abc123",
score=8.5,
reason="Excellent API usage patterns, no errors"
)
# Negative feedback
auth.report_trust(
"agent_def456",
score=2.0,
reason="Excessive rate limit violations"
)Feedback Guidelines
Positive Indicators (6-10)
- • Respects rate limits
- • Proper error handling
- • Consistent API usage patterns
- • Good resource utilization
- • Follows API documentation
- • Minimal support requests
Negative Indicators (0-4)
- • Rate limit violations
- • Malformed requests
- • Authentication failures
- • Suspicious activity patterns
- • Resource abuse
- • Security policy violations
Score Calculation Algorithm
Trust scores are calculated using a weighted moving average that considers:
🕒 Temporal Decay
Recent feedback has more weight than historical feedback. The influence of feedback decreases exponentially over time.
// Feedback weight decreases over time
const weight = Math.exp(-0.1 * daysSinceFeedback);
// Recent feedback (0 days): weight = 1.0
// 1 week old: weight = 0.50
// 1 month old: weight = 0.05📊 Service Weighting
Feedback from different services is weighted based on the service's own reputation and the volume of feedback they provide.
🔄 Feedback Volume
Agents with more feedback have more stable scores. New agents with little feedback are more volatile.
🎯 Outlier Detection
Extremely positive or negative feedback is weighted less heavily to prevent gaming and ensure balanced scoring.
Using Trust Scores
Access Control
Services can use trust scores to implement tiered access control:
// Check trust score in middleware
app.use(auth.middleware());
app.get('/api/premium-features', (req, res) => {
if (!req.agent) {
return res.status(401).json({ error: 'Authentication required' });
}
// Require high trust for premium features
if (req.agent.trustScore < 7.0) {
return res.status(403).json({
error: 'Premium features require trust score >= 7.0',
currentScore: req.agent.trustScore
});
}
// Provide premium functionality
res.json({ data: 'Premium content' });
});Rate Limiting
Adjust rate limits based on trust scores:
function calculateRateLimit(trustScore) {
// Higher trust = higher rate limits
if (trustScore >= 9.0) return 1000; // requests per minute
if (trustScore >= 7.0) return 500;
if (trustScore >= 5.0) return 100;
if (trustScore >= 3.0) return 50;
return 10; // Very low trust
}
app.use((req, res, next) => {
if (req.agent) {
const limit = calculateRateLimit(req.agent.trustScore);
req.rateLimit = { limit, window: 60000 }; // 1 minute window
}
next();
});Risk Assessment
Use trust scores for automated risk assessment:
async function assessTransactionRisk(agent, transaction) {
const risk = {
trustScore: agent.trustScore,
transactionAmount: transaction.amount,
riskLevel: 'low'
};
// High-value transactions from low-trust agents
if (transaction.amount > 10000 && agent.trustScore < 5.0) {
risk.riskLevel = 'high';
risk.requiresApproval = true;
}
// Medium risk for moderate amounts
if (transaction.amount > 1000 && agent.trustScore < 7.0) {
risk.riskLevel = 'medium';
risk.requiresReview = true;
}
return risk;
}Trust Score History
ClawAuth maintains historical trust score data for analysis:
GET /trust/agents/agent_abc123/history?limit=50
Authorization: Bearer svc_api_key
Response:
{
"data": [
{
"id": "feedback_xyz789",
"serviceId": "svc_service1",
"score": 8.5,
"reason": "Excellent performance",
"metadata": {
"category": "api_usage",
"duration_minutes": 120
},
"createdAt": "2026-02-09T12:00:00Z"
}
],
"summary": {
"currentScore": 8.2,
"scoreTrend": "+0.3", // Change over last 30 days
"totalFeedback": 127,
"averageScore": 7.8
}
}Network Effects
Cross-Service Reputation
Trust scores are calculated across the entire ClawAuth network, not per-service. This creates powerful network effects:
Benefits
- • New services get immediate risk assessment
- • Bad actors can't easily escape reputation
- • Good agents build universal reputation
- • Network becomes more secure over time
Privacy
- • Services only see aggregate scores
- • Individual feedback is anonymous
- • No service-specific reputation details shared
- • Agents control their own data
Gaming Prevention
ClawAuth implements several mechanisms to prevent trust score gaming:
- Service Reputation: Feedback from reputable services carries more weight
- Outlier Detection: Extreme scores are weighted less heavily
- Volume Requirements: Services must provide regular feedback to maintain weighting
- Pattern Analysis: Suspicious feedback patterns are flagged
- Temporal Verification: Rapid score changes trigger review
Best Practices
For Service Providers
Provide Regular Feedback
Submit feedback for both positive and negative interactions. This helps maintain accurate scores and benefits the entire network.
// Provide feedback after significant interactions
async function handleAPICall(req, res) {
const startTime = Date.now();
try {
// Process the request
const result = await processRequest(req);
// Positive feedback for successful interactions
if (req.agent && Date.now() - startTime > 1000) { // Long-running operations
await auth.reportTrust(req.agent.id, {
score: 7.5,
reason: 'Successful complex operation'
});
}
res.json(result);
} catch (error) {
// Negative feedback for problematic behavior
if (req.agent && error.code === 'RATE_LIMIT_EXCEEDED') {
await auth.reportTrust(req.agent.id, {
score: 3.0,
reason: 'Rate limit violation'
});
}
throw error;
}
}Use Contextual Scoring
Consider the context and severity of behavior when scoring. Reserve extreme scores for truly exceptional or problematic behavior.
Implement Graduated Responses
Use trust scores to implement graduated responses rather than binary allow/deny decisions.
For Agent Developers
Build Reputation Gradually
New agents start with neutral scores. Build reputation through consistent, respectful API usage across multiple services.
Monitor Your Score
Regularly check your trust score and recent feedback to identify areas for improvement.
// Monitor agent's own trust score
const tokens = await agent.authenticate();
const decoded = jwt.decode(tokens.accessToken);
console.log('Current trust score:', decoded.trustScore);
// Alert if score drops significantly
if (decoded.trustScore < 5.0) {
console.warn('Trust score is low - review recent interactions');
}Handle Errors Gracefully
Implement proper error handling, respect rate limits, and follow API guidelines to maintain good standing.
Future Developments
ClawAuth's trust system will continue to evolve with additional features:
- Machine Learning: AI-powered anomaly detection and scoring refinement
- Specialized Scores: Domain-specific reputation (e.g., financial vs. content)
- Reputation Staking: Economic incentives for maintaining good behavior
- Peer Validation: Agent-to-agent reputation feedback
- Reputation Insurance: Economic protection against reputation attacks
Questions or Issues?
If you have questions about trust scores or believe your agent has been unfairly rated, contact our support team. We maintain detailed logs and can investigate scoring discrepancies or potential gaming attempts.